Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/Nr68oQSIIJdUARQwtC4eJRIkp0M.roa
File:                     Nr68oQSIIJdUARQwtC4eJRIkp0M.roa (raw, json)
Hash identifier:          azla4f335LGCR8ayRIrHvDtq1gCIq+jBmEbN43LdF1c=
Subject key identifier:   36:BE:BC:A1:04:88:20:97:54:01:14:30:B4:2E:1E:25:12:24:A7:43
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       01870E1C47516908A6836156306F979F6C40
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/Nr68oQSIIJdUARQwtC4eJRIkp0M.roa
Signing time:             Thu 23 Mar 2023 10:55:46 +0000
ROA not before:           Thu 23 Mar 2023 10:55:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        195.149.87.0/24 maxlen: 24
                          80.92.205.0/24 maxlen: 24
                          80.92.204.0/24 maxlen: 24
                          74.119.192.0/24 maxlen: 24
                          80.92.206.0/24 maxlen: 24
                          74.119.195.0/24 maxlen: 24
                          74.119.194.0/24 maxlen: 24
                          185.242.84.0/24 maxlen: 24
                          185.242.85.0/24 maxlen: 24
                          185.242.87.0/24 maxlen: 24
                          185.242.86.0/24 maxlen: 24
                          185.250.149.0/24 maxlen: 24
                          185.250.148.0/24 maxlen: 24
                          185.250.151.0/24 maxlen: 24
                          45.67.231.0/24 maxlen: 24
                          45.67.230.0/24 maxlen: 24
                          45.67.229.0/24 maxlen: 24
                          45.67.228.0/24 maxlen: 24
                          2a09:7c41::/32 maxlen: 32
                          2a09:7c44::/32 maxlen: 32
                          2a09:7c42::/32 maxlen: 32
                          2a09:7c47::/32 maxlen: 32
                          2a09:7c40::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 13 Apr 2023 10:28:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0e:1c:47:51:69:08:a6:83:61:56:30:6f:97:9f:6c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Mar 23 10:55:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36bebca10488209754011430b42e1e251224a743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:eb:e4:16:83:51:59:41:b4:87:31:b0:14:96:
                    8d:96:95:93:b7:70:f1:a7:b0:cf:44:48:d8:6b:14:
                    9a:eb:a4:49:c9:fd:a4:69:90:45:af:8c:ad:a1:82:
                    ca:73:d2:bb:3d:6b:85:33:0e:31:2f:13:e6:ce:ce:
                    f0:6b:72:e3:a0:30:0b:0f:6e:1b:f1:54:63:bd:b8:
                    2e:7c:53:bb:9e:dc:d3:c3:33:cc:5c:0c:72:cc:44:
                    5f:c7:c1:ac:46:ab:f9:a7:e6:cd:e6:c5:36:9f:7a:
                    ae:02:d9:3b:64:d1:15:36:57:8f:4b:9a:27:8b:97:
                    2f:84:6c:9e:2a:3f:7d:18:67:26:25:f4:97:67:38:
                    bd:09:1e:59:84:00:06:d6:88:19:16:91:11:8b:32:
                    22:77:41:a9:db:44:ff:a2:65:20:d3:39:85:9c:ac:
                    32:2d:de:51:9e:e1:e0:b0:22:7c:0a:93:f8:e1:f6:
                    86:5e:cf:ee:e1:64:f8:06:12:91:00:14:22:2f:80:
                    68:50:e3:6d:de:ca:b9:9e:b1:f1:a3:cf:90:70:34:
                    e8:81:c4:a9:9e:8f:b6:03:53:0e:54:ed:f3:57:55:
                    72:c1:94:38:56:ad:7b:01:13:8e:b7:a3:b9:0b:58:
                    5a:ab:0e:52:69:4f:45:bd:f3:5f:9e:de:c2:bf:76:
                    58:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:BE:BC:A1:04:88:20:97:54:01:14:30:B4:2E:1E:25:12:24:A7:43
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/Nr68oQSIIJdUARQwtC4eJRIkp0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.228.0/22
                  74.119.192.0/24
                  74.119.194.0/23
                  80.92.204.0-80.92.206.255
                  185.242.84.0/22
                  185.250.148.0/23
                  185.250.151.0/24
                  195.149.87.0/24
                IPv6:
                  2a09:7c40::-2a09:7c42:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:7c44::/32
                  2a09:7c47::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:93:6e:a0:d4:c5:e3:94:cf:40:ed:f4:ea:f3:52:e0:65:38:
         19:91:7b:66:73:eb:5e:1f:11:4d:41:6d:0b:3e:45:2d:b7:78:
         a5:59:e4:e6:20:7e:3a:5d:53:30:95:c4:be:81:71:b6:47:4e:
         f7:8d:47:82:96:9c:a8:0c:9f:d1:74:1b:2a:6c:9b:bd:2c:06:
         95:8e:e0:62:4c:a1:6c:c6:27:e2:f2:3d:8a:73:f0:76:26:7b:
         3b:23:d1:b2:0a:70:0b:5a:49:28:ef:44:ce:5a:ca:12:4e:c8:
         a0:b8:7b:43:9e:4a:56:a0:0b:55:3e:55:5e:04:d4:7d:85:65:
         4c:eb:ae:39:43:36:37:9e:f3:99:f9:48:a8:38:cb:4a:f0:a5:
         0d:13:29:47:5b:39:c1:f7:a9:42:4d:65:60:38:d5:0b:c1:bd:
         8b:01:d1:d1:aa:05:34:26:d1:c4:05:51:f1:4f:15:d5:61:c7:
         87:db:33:fb:b8:b5:ed:d3:c8:bd:04:63:b6:3e:a0:fe:d0:d2:
         bc:ef:0d:00:d4:af:fe:bc:55:3f:bf:23:48:aa:b0:9b:0f:ac:
         07:45:cd:b0:1c:07:ae:18:85:0f:fe:84:8a:aa:1b:50:dd:d1:
         84:98:7a:d9:6d:f7:9f:cd:c0:d0:da:e0:17:42:75:0a:48:f4:
         69:8f:70:2c
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYcOHEdRaQimg2FWMG+Xn2xAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjMwMzIzMTA1NTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmJlYmNhMTA0ODgyMDk3NTQwMTE0MzBiNDJlMWUyNTEyMjRhNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+vkFoNRWUG0hzGwFJaNlpWTt3Dx
p7DPREjYaxSa66RJyf2kaZBFr4ytoYLKc9K7PWuFMw4xLxPmzs7wa3LjoDALD24b
8VRjvbgufFO7ntzTwzPMXAxyzERfx8GsRqv5p+bN5sU2n3quAtk7ZNEVNlePS5on
i5cvhGyeKj99GGcmJfSXZzi9CR5ZhAAG1ogZFpERizIid0Gp20T/omUg0zmFnKwy
Ld5RnuHgsCJ8CpP44faGXs/u4WT4BhKRABQiL4BoUONt3sq5nrHxo8+QcDTogcSp
no+2A1MOVO3zV1VywZQ4Vq17AROOt6O5C1haqw5SaU9FvfNfnt7Cv3ZYKQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFDa+vKEEiCCXVAEUMLQuHiUSJKdDMB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvTnI2OG9RU0lJSmRVQVJRd3RDNGVKUklrcDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjA+BAIAATA4AwQCLUPkAwQA
SnfAAwQBSnfCMAwDBAJQXMwDBABQXM4DBAK58lQDBAG5+pQDBAC5+pcDBADDlVcw
JAQCAAIwHjAOAwUGKgl8QAMFACoJfEIDBQAqCXxEAwUAKgl8RzANBgkqhkiG9w0B
AQsFAAOCAQEAL5NuoNTF45TPQO306vNS4GU4GZF7ZnPrXh8RTUFtCz5FLbd4pVnk
5iB+Ol1TMJXEvoFxtkdO941HgpacqAyf0XQbKmybvSwGlY7gYkyhbMYn4vI9inPw
diZ7OyPRsgpwC1pJKO9EzlrKEk7IoLh7Q55KVqALVT5VXgTUfYVlTOuuOUM2N57z
mflIqDjLSvClDRMpR1s5wfepQk1lYDjVC8G9iwHR0aoFNCbRxAVR8U8V1WHHh9sz
+7i17dPIvQRjtj6g/tDSvO8NANSv/rxVP78jSKqwmw+sB0XNsBwHrhiFD/6Eiqob
UN3RhJh62W33n83A0NrgF0J1Ckj0aY9wLA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:41:06 2024 by rpki-client on console-fra.rpki-client.org